On (28/08/15 08:44), Lukas Slebodnik wrote:
>On (23/08/15 17:53), alireza baghery wrote:
>>Hi I install Centos 7.1 (IDM Server)
>>and integrate with Windows SERVER 2008 R2 Trust
>>USER AD can not Login on client (OLE 6.6) but User create idm can login
>>
>>name IDM SERVER= ipasrv.l.infotechpsp.net
>>domain Windows = infotechpsp.net
>>
>>I execute [ kinit abagh...@infotechpsp.net] on IDM Server
>>and klist and show keytab abagheri
>>but execute kvno abag...@infotechpsp.net
>>get ERROR kvno Server not found in kerberos database
>>please help me and thank you
>>
>>KLIST
>>================================
>>
>>Valid starting Expires Service principal
>>08/23/15 17:09:53 08/24/15 03:11:34 krbtgt/infotechpsp....@infotechpsp.net
>> renew until 08/24/15 17:09:53
>>
>>=====================================
>>
>>Tail LOG /var/log/sssd/ssd_l.infotechpsp.net debug_level = 6
>>=====================================
>>[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>>[(objectclass=*)][].
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]]
>>[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg
>>set
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]] [sdap_kinit_send]
>>(0x0400): Attempting kinit (default, host/ussd7.l.infotechpsp.net,
>>L.INFOTECHPSP.NET, 86400)
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]]
>>[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]] [resolve_srv_send]
>>(0x0200): The status of SRV lookup is resolved
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]]
>>[be_resolve_server_process] (0x0200): Found address for server
>>ipasrv.l.infotechpsp.net: [10.30.160.19] TTL 1200
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]]
>>[set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]]
>>[write_pipe_handler] (0x0400): All data has been sent!
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]]
>>[read_pipe_handler] (0x0400): EOF received, client finished
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]]
>>[sdap_get_tgt_recv] (0x0400): Child responded: 0 [FILE:/var/lib/sss/db/
>>ccache_L.INFOTECHPSP.NET], expired on [1440420165]
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]]
>>[sdap_cli_auth_step] (0x0100): expire timeout is 900
>>(Sun Aug 23 17:12:45 2015) [sssd[be[l.infotechpsp.net]]] [sasl_bind_send]
>>(0x0100): Executing sasl bind mech: GSSAPI, user: host/
>>ussd7.l.infotechpsp.net
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[child_sig_handler] (0x0100): child [13370] finished successfully.
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[fo_set_port_status] (0x0100): Marking port 389 of server '
>>ipasrv.l.infotechpsp.net' as 'working'
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[set_server_common_status] (0x0100): Marking server '
>>ipasrv.l.infotechpsp.net' as 'working'
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>>[objectclass=ipaNTTrustedDomain][cn=trusts,dc=l,dc=infotechpsp,dc=net].
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]] [be_run_online_cb]
>>(0x0080): Going online. Running callbacks.
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg
>>set
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>>[objectclass=ipaIDRange][cn=ranges,cn=etc,dc=l,dc=infotechpsp,dc=net].
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg
>>set
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>>[objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=l,dc=infotechpsp,dc=net].
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg
>>set
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
>>[Success]
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[be_get_account_info] (0x0100): Got request for [4097][1][name=abagheri]
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[ipa_s2n_exop_send] (0x0400): Executing extended operation
>>(Sun Aug 23 17:12:46 2015) [sssd[be[l.infotechpsp.net]]]
>>[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Operations
>>error(1), (null)
>There seems to be a problem on server side.
>It is very likely a bug in sssd on FreeIPA server.
>
>Some AD related fixes are included in latest update in el7.1
>(1.12.2-58.el7_1.14)
>
>If it does not help please try to upgrade to the latest upstream version
>of sssd[1]. I hope it will help; otherwise we will need to see log files
>from IPA server.
>
>LS
>
>[1] https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-12/
>
Did it help to upgrade sssd?

LS